Over two million smart devices are major security risks and should be thrown out, researcher says

It’s high time consumers stop using insecure IoT devices that aren’t implementing adequate safety and privacy measures – if they’re going to use them at all. Security researcher Paul Marrapese disclosed several alarming flaws impacting 2 million IoT devices back in April and hasn’t heard back from the manufacturers yet about whether they’re going to fix the issue.

The security flaws stated by the security researcher impacted 2 million devices and could potentially lead to dire consequences. It was revealed that these flaws could enable an attacker to spy on the owners or even hijack into their network for carrying out other malicious tasks.

While the vendors selling devices with serious security threats have failed to fix them or respond back, the fact that such vulnerabilities cannot be fixed through security patches is another alarming detail. It was found that the security issues in these IoT devices are nearly impossible to fix and discarding them altogether seems like the only viable step as of now.

During a podcast interview with Threatpost, security researcher Marrapese said, “I 100 percent suggest that people throw them out. I really, I don’t think that there’s going to be any patch for this. The issues are very, very hard to fix, in part because, once a device is shipped with a serial number, you can’t really change that, you can’t really patch that, it’s a physical issue.”

He further stated that he sent an initial advisory note in January to the device vendors who sold IoT devices with poor security measures in place. As he didn’t receive any response from them, he then coordinated with CERT and then disclosed the flaws publicly in the month of April.

Despite a public disclosure, the IoT vendors haven’t responded yet and in a way, this represents the poor security standards followed by the IoT industry at large. As a matter of fact, even the IoT devices sold by tech giants such as Amazon were riddled with several security and privacy threats.